Monday, August 11, 2008

ASEC and ISPA tips *updated with Thursday's stuff*

* means important
* trapdoor = Lines of code in a programming module allowing a user to access the system when he types in a secret code. A secret, undocumented entry point into the programming module hidden among lines of code
* backdoor requires software programs like RAT to access



ASEC

*Countermeasures and specific exploits as well

introduction

various scanning tools (Not very IMPT)

passwords/access control

default/weak passwords

permissions

scripts and dll

malicious scripts

dll loading paths

buffer overflow

heap overflow

stack overflow

effects of exploits

proprietary format and protocols

security through obscurity not good

format string exploits

how is it conducted

effects of the exploits

integer overflow

how does it happen

preventive measures

SQL injection

conducting exploit

using meta data

protect database credentials

web vulnerabilities

error messages

forceful browsing

XSS

data tampering

http session form data cookies

information disclosure

passwords stored in text file

passwords stored in memory
section b

format string

dll

integer overflow

sql injection

web vulnerabilities

information disclosures



ISPA

* all from Lai FM



Exam format:

10 MCQ (20 marks)

5 Structured (80 marks)

2 hours



General tips:

Audit point of view***

Tutorial**

ACL no commands, just MCQ

Few questions from MST chapters, just MCQ

No Cobit

Security policies, just MCQ

Use liberal amounts of common sense

Mainly look at the auditors' viewpoint, controls, and how an auditor sees things.

Can give logical answers as he may give marks for answers not found in the book, but that are relevant to the answer.

May require drawing of diagrams to aid description questions.



Topic 4 Computer operations:


focus on this chapter, case study coming out for this

Page 40 onwards, page 43, 44, 45

segregation of duties*

Page 47

distributed model not important

Page 54

computer centre operation

physical security

Page 57-64

disaster recovery

Page 65 onwards

Page 71-75

email risks

Page 77

PC systems not important



Topic 5 Data management***



Page 93, 94, 95

Flatfile approach vs database

page 97 -106

advantages, disadvantages and features

Page 107

3 DBMS models in MCQ

114

database distributed environment important***

116

replicated and partitioned distributed database important***

118

concurrency

120

access control

125

backup control***



Topic 6 SDLC


Product of SDLC + diagram page 141

Relate to POSB example, live system, maintenance system

136 onwards, 139

types of commercial systems in MCQ

142-165/end of topic

Auditor's role in SDLC

phase 7/implementation phase in MCQ

172 to end important***

controlling and auditing SDLC important***

controlling new systems

controlling maintenance***



Topic 7 network, internet, e commerce ***



audit point of view
227 onwards important

227-228

controlling e commerce

237

audit objectives

239



Topic 8


Input control, black and white box models, 5 CAATTS impt!

input controls important ***

processing and output controls in MCQ

320

testing application control ***

323

parallel simulation ITF and such in MCQ



If unsure clarify with me

Tuesday, June 3, 2008

Sentosa Outing

There will be a class outing to Sentosa, although what we are going to do is highly uncertain.

Day/Date : Thursday 5th June 2008AD
Activity : Uncertain
Location : Sentosa Island
Meet at : Harbourfront MRT Station.
Meeting time: 11.00am*
Persons : Ben, Jeremy, CR, Suz, Ous, Jono, Bastien. More Pending
Items needed : Sentosa is expensive, as such, bring as much money as you think will be necessary. Clothes, water and towels are also not a bad idea

Friday, May 30, 2008

Class Photos

These are the photos, if anyone still remembers, from our last class/PT outing. I know that I promised to put them out earlier, so sorry for the delay.


Mr Lai bowling.


From the right, LFM, Ous, Kege and WJ, Paul, Ben, Sean, Jono, YS and Jem, CR


Fabz going for the kill.


Ous being Ous.


Jono in a moment of ecstasy.


Ben, Paul, Fabz.


Sean summoning a magical ball of green energy.


Enjoying ourselves.


YS strategizing.


Jem, YS and CR.

Revival

Just a brief entry to show and alert DISM classmates about the blog being revived.

Sorry for the long hiatus. Announcements of a class outing and a myriad of other stuff to follow.

Thursday, January 31, 2008

Class Outing

This is the finalised plan for the class outing.

Day/Date : Monday 4th February 2008AD
Activity : Bowling/Dinner
Location : Marina South, near City Hall MRT.
Meet at : City Hall MRT Station.
Meeting time: 3.00pm*
Persons : Kay, Fabian, CR, Ben, Jeremy, Sean, Paul, Wei Jian, Jonathan, Louis, YS, Elbon, Bastien and Sian Wee. More pending.
Cash needed : Please bring some money for activities. Around $10++

Could someone bring a camera? We need some new, updated class photos.

*Mr Lai arriving at around 4++pm. We will be beginning activities early however.

Also, Fabian, CR, Jeremy, Ben and Ys will be going early, anyone wanting to join them, ask them for further details.

China Changchun OITP again

Things you need to do:

Please come down to T10, Industry Services Centre to collect a booklet titled “Have a Good Trip!” issued by Ministry of Foreign Affairs, Singapore, before your departure.

If you have not completed the Overseas ITP: Letter of Undertaking (IS-FRM-P05-110M), please download the form from E-Learning@SP. The completed form should be submitted to ISC before 11 February 2008.

Please also refer to previous posts regarding the OITP again

Wednesday, January 30, 2008

Changchun OITP final briefing

Here is the gist of it.
Airport and related stuff:
Bring all relevant travel documents.
Ensure check in Luggage does not exceed 20kg
Get to T1, Changi Airport by 5.45am on 18th February 2008. If we all want to sit together in flight, please come as early as possible. I will generally recommend 5am. We get to choose our seating arrangement, which means you could be cleared way early or be left sitting next to some guy who likes to sniff your underwear.
No liquids are allowed to be brought on board.
Stick together as a group
Keep a close watch on your own luggage, and do not leave anything behind at any airport as we will not go back to retrieve any forgotten items
Wear warm clothing when in Singapore so as to limit skin exposure to blizzard conditions. Long pants and long sleeved shirt with a winter jacket as well as gloves and hats
Living in Changchun and related stuff:
After the experiences of the guinea pig batch, please bring more than $500. The lecturers recommend $800 to $1000 worth of renminbi.
Bottled Mineral water should be the preferred source of water intake.
Bring your own towel, shampoo and soap as it will not be provided by the hotel.
Ensure that the winter clothing you have or are planning to get be of subzero (below zero) standard as recent blizzards as well as the highest snowfall in 50 years means it will be a tepid 20 degrees celsius below zero (-20) when we arrive.
Get a flu jab, as well as any relevant injections.
Bring moisturisers and lip gloss/balm to ensure a non bleeding and cracked visage.
Bring an inhaler if you are asthmatic.
Our train will have beds, but should you be unable to sleep due to mind numbing cold or adrenaline, bring some non electrical entertainment along.
*If I missed out on anything please let me know*